--- a/servers/slapd/slapd.conf +++ b/servers/slapd/slapd.conf @@ -2,7 +2,7 @@ # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # -include %SYSCONFDIR%/schema/core.schema +include /etc/openldap/schema/core.schema # Define global ACLs to disable default read access. @@ -10,13 +10,16 @@ # service AND an understanding of referrals. #referral ldap://root.openldap.org -pidfile %LOCALSTATEDIR%/run/slapd.pid -argsfile %LOCALSTATEDIR%/run/slapd.args +# If you change this, adjust pidfile path also in runscript! +pidfile /run/openldap/slapd.pid +argsfile /run/openldap/slapd.args # Load dynamic backend modules: -# modulepath %MODULEDIR% -# moduleload back_mdb.la -# moduleload back_ldap.la +modulepath /usr/lib/openldap +moduleload back_mdb.so +# moduleload back_hdb.so +# moduleload back_bbd.so +# moduleload back_ldap.so # Sample security restrictions # Require integrity protection (prevent hijacking) @@ -53,13 +56,16 @@ maxsize 1073741824 suffix "dc=my-domain,dc=com" rootdn "cn=Manager,dc=my-domain,dc=com" + # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw secret + # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. -directory %LOCALSTATEDIR%/openldap-data +directory /var/lib/openldap/openldap-data + # Indices to maintain index objectClass eq --- a/servers/slapd/slapd.ldif +++ b/servers/slapd/slapd.ldif @@ -9,8 +9,9 @@ # # Define global ACLs to disable default read access. # -olcArgsFile: %LOCALSTATEDIR%/run/slapd.args -olcPidFile: %LOCALSTATEDIR%/run/slapd.pid +# If you change this, set pidfile variable in /etc/conf.d/slapd! +olcPidFile: /run/openldap/slapd.pid +olcArgsFile: /run/openldap/slapd.args # # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. @@ -26,22 +27,23 @@ # # Load dynamic backend modules: # -#dn: cn=module,cn=config -#objectClass: olcModuleList -#cn: module -#olcModulepath: %MODULEDIR% -#olcModuleload: back_bdb.la -#olcModuleload: back_hdb.la -#olcModuleload: back_ldap.la -#olcModuleload: back_passwd.la -#olcModuleload: back_shell.la +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulepath: /usr/lib/openldap +#olcModuleload: back_bdb.so +#olcModuleload: back_hdb.so +#olcModuleload: back_ldap.so +olcModuleload: back_mdb.so +#olcModuleload: back_passwd.so +#olcModuleload: back_shell.so dn: cn=schema,cn=config objectClass: olcSchemaConfig cn: schema -include: file://%SYSCONFDIR%/schema/core.ldif +include: file:///etc/openldap/schema/core.ldif # Frontend settings # @@ -83,13 +85,16 @@ olcDatabase: mdb olcSuffix: dc=my-domain,dc=com olcRootDN: cn=Manager,dc=my-domain,dc=com + # Cleartext passwords, especially for the rootdn, should # be avoided. See slappasswd(8) and slapd-config(5) for details. # Use of strong authentication encouraged. olcRootPW: secret + # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. -olcDbDirectory: %LOCALSTATEDIR%/openldap-data +olcDbDirectory: /var/lib/openldap/openldap-data + # Indices to maintain olcDbIndex: objectClass eq